Graylog Cloud is the simplest way to gain all the benefits of Graylog's logging platform without the need to self host and maintain your Graylog infrastructure. With Graylog Cloud, there are no Graylog servers to provision, secure, or manage yourself.

Once you have purchased a license, our Cloud team will make necessary provisions for your cloud instance and provide you with secure login credentials. You can then log in to your cloud instance and begin collecting and analyzing your log data.


• A Graylog Cloud License is required; contact the Graylog Sales team to learn more.

How Does Graylog Cloud Compare to a Self-Managed Instance?

Feature Self-Managed Cloud Comparison
Pre-Installed Illuminate Content

Graylog Cloud provides pre-installed Illuminate content. Cloud customers can choose which packs to activate.

Single-Sign-On (SSO) using SAML

SAML can be used to authenticate with any existing identity provider supporting this protocol, e.g. Azure AD.

SAML can be set up by our Cloud team on a per-request basis.

LDAP Integration

Graylog Cloud does not support a direct integration with LDAP or Active Directory (AD). But SAML can be used with any existing identity provider supporting this protocol, e.g. Azure AD.

SAML can be set up by our Cloud team on a per request basis.

LDAP Groups Integration As noted above, Graylog Cloud currently does not allow direct integration with LDAP, but we do offer SAML support. Our initial support for SAML will focus on SSO, not team sync.
Okta Authentication Support and Teams Sync In Cloud, Okta can be configured as an identity provider using SAML. Our initial support for SAML will focus on SSO, not team sync. 
Generic OIDC Authentication Support For now, Graylog Cloud will focus on allowing SSO using SAML.
Notifications - Script Notification We currently don’t provide access to the server filesystem in Cloud, so users cannot upload custom scripts to execute. The current workaround would be for a user to host the script elsewhere and call it using a notification.
90-Day Live Storage In self-managed environments the customer is responsible for provisioning enough storage capacity to allow any desired data retention. In Graylog Cloud we provision enough storage capacity to allow a retention of up to 90 days based on the contract’s daily ingest volume and monitor utilization to escalate in case of overuse.
24x7 Ops Support This is one of the most significant advantages of utilizing a hosted cloud solution.
1 Year of Archived Data

In Cloud we provide 1 year of Archived Data at no extra costs. These archives can be restored.

Upon request we can change the configuration to store archives in a custom S3 bucket, provided by the customer.

GeoIP Support Using IPinfo In self-managed environments the customer is responsible for obtaining a license and provisioning MaxMind or IPinfo files on all Graylog servers. In Graylog Cloud we provide IPinfo database files at no extra cost.
Direct Inputs Data ingest on Cloud is exclusively via the Forwarder. Since extractors are configured as part of direct inputs, Pipelines should be used instead.
Outputs The Output Framework currently not supported in Cloud
Managed SMTP Setup In self-managed environments, the customer is responsible for configuring a working SMTP server to let Graylog send emails. In Cloud this is part of the included service.
Access to Server Log Files Cloud users will not have access to the filesystems of the Graylog, OpenSearch, or MongoDB servers.
SSH Access to Server Nodes Cloud users don’t have SSH access to any server nodes (Graylog, OpenSearch, MongoDB). This means they can neither log in to those nodes to execute commands, nor put custom files there. There is also no customer access to the MongoDB shell.
Flexible Index Rotation Settings In Cloud we limit the maximum rotation time of an index to 24h.
Access to All System Pages

In Cloud a few pages in the System menu are hidden, as the related features are not supported or exposed:

  • Nodes
  • Inputs are managed using the Forwarder
  • Outputs
  • Logging
  • Authentication
  • Collectors (legacy)
Configurable Timeouts for Search Queries

In Cloud the idle timeout for queries to OpenSearch is set to 300 seconds (and can not be increased). Users will see errors on queries that need longer time to respond. The recommendation would be to reduce the amount of data that is being queried, e.g. by using a shorter time range.

In self-managed environments, users can set custom timeout values.

Custom Plugins

In Cloud we cannot support 3rd party plugins currently for security reasons. Many of the available plugins (e.g. on the Graylog Marketplace) were written for old Graylog versions and use deprecated APIs.

If there is a strong demand for a specific integration or content, customers can reach out to their Customer Success agent and our Content and Integration team may be able to build official support for it.

Getting Started

After receiving your Graylog Cloud account credentials, it is recommended that you take a moment to review the most essential components that support your Graylog instance.


The Graylog Forwarder is what allows you to send log data into Graylog. Refer to the Graylog documentation that provides detailed instructions for installing and setting up the Forwarder.

Hint: Currently, the only way to get log data into Graylog Cloud is via the Forwarder.


Users also have the option to use the Graylog Sidecar to manage different log collectors.

The Sidecar is a lightweight program that runs on your servers and collects log data from various sources. It then forwards this data to Graylog for processing. Refer to Graylog documentation for Sidecar configuration in the Cloud.


Now you have log data flowing into your Graylog Cloud instance. The next step is to create Graylog streams.

Graylog streams are powerful rules that can route, filter, and alert on log data based on your defined criteria. To learn more refer to the Graylog documentation on creating streams.